<?php
namespace Admin\Controller;

use Base\Controller\AdminBaseController;

class LoginController extends AdminBaseController {

    public function _initialize() {
        C(S('sp_dynamic_config'));                              // 加载动态配置
    }

	/******************************** JSON *********************************/
	public function doLogin() {
	    $login_page_showed_success = session("__SP_ADMIN_LOGIN_PAGE_SHOWED_SUCCESS__");
	    if (!$login_page_showed_success) {
	        $data['code']  = 499;
	        $data['msg'] = 'login error!';
	        $this->ajaxReturn($data);
	    }
	
	    $username = I("post.username");
	    if (empty($username)) {
	        $data['code']  = 499;
	        $data['msg'] = L('USERNAME_OR_EMAIL_EMPTY');
	        $this->ajaxReturn($data);
	    }
	    	
	    $password = I("post.password");
	    if (empty($password)) {
	        $data['code']  = 499;
	        $data['msg'] = L('PASSWORD_REQUIRED');
	        $this->ajaxReturn($data);
	    }
	    	
//     	$verrify = I("post.verify");
//     	if (empty($verrify)) {
// 		    $data['code']  = 499;
// 		    $data['msg'] = L('CAPTCHA_REQUIRED');
// 		    $this->ajaxReturn($data);
//     	}
	    	
	    // 验证码
	    //if (!sp_check_verify_code()) {
	    if (false) {
	        $data['code']  = 499;
	        $data['msg'] = L('CAPTCHA_NOT_RIGHT');
	        $this->ajaxReturn($data);
	    }

	    $userModel = D("Admin/User");
	    
	    if (strpos($username, "@") > 0){                      // 邮箱登陆
	        $where['email'] = $username;
	    } else {
	        $where['username'] = $username;
	    }
	    $where['_string'] = 'status != -1 AND status != -2';							// 只要不是已删除（-1）和已禁用（-2）用户均可登录
	    
	    $result = $userModel->where($where)->find();
	    if (empty($result) ) {
	        $data['code']  = 499;
	        $data['msg'] = L('USERNAME_NOT_EXIST');
	        $this->ajaxReturn($data);
	    }
	     
	    // if (comparePassword($password) == $result['password']) {                      // if login success
	    if (false) {
	        $data['code']  = 499;
	        $data['msg'] = L('PASSWORD_NOT_RIGHT');
	        $this->ajaxReturn($data);
	    }
	     
	    $sql = "select m.* from __USER_ROLE__ ur, __ROLE_MENU__ rm, __MENU__ m
							where ur.role_id = rm.role_id
							and rm.menu_id = m.id
							and ur.user_id = " . $result["id"];
	    $menus = M()->query($sql);
	    // 	                dump($menus);
	    
	    if ($result["id"] != 1 && (empty($menus) || empty($result['status']))) {
	        $data['code']  = 499;
	        $data['msg'] = L('USE_DISABLED');
	        $this->ajaxReturn($data);
	    }
	    
	    // 登入成功页面跳转
	    session('ADMIN_ID', $result["id"]);
	    session('ADMIN_USERNAME', $username);
	    session('ADMIN_MENUS', json_encode($menus));
	    cookie("ADMIN_USERNAME", $username, 3600 * 24 * 30);

// 		$result ['last_login_ip'] = get_client_ip ( 0, true );
// 		$result ['last_login_time'] = date ( "Y-m-d H:i:s" );
// 		$user->save($result);
	    
	    $data['code']  = 0;
	    $data['msg'] = L('LOGIN_SUCCESS');
	    $this->ajaxReturn($data);
	}

    /******************************** HTML *********************************/
	// 后台登陆界面
	public function login() {
		$adminId = session('ADMIN_ID');
		if (!empty($adminId)) {                                // 已经登录
			redirect(U("Admin/Index/index"));
		}

		$siteAdminUrlPassword = C("SP_SITE_ADMIN_URL_PASSWORD");
		$upw = session("__SP_UPW__");
		
		if (!empty($siteAdminUrlPassword) && $upw != $siteAdminUrlPassword) {
		    redirect(__ROOT__ . "/");
		} else {
		    session("__SP_ADMIN_LOGIN_PAGE_SHOWED_SUCCESS__", true);
		    $this->display(":login");
            return;
		}
	}
	
	// 登出
	public function logout(){
	    session(null);
	    redirect(__ROOT__ . "/Admin/Login/login");
	}

}
